Another option, if you don’t actually want to test the security but
instead focus on the behaviour of your own controllers, is to disabled
the filter when testing. In
RAILS_ROOT/test/functional/your_controller_test.rb: